package com.action.user;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.config.SystemGlobals;
import com.sql.DBFactory;

public class ManageAdminGroup extends HttpServlet {

	private static final long serialVersionUID = 1L;
	
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String contentType = SystemGlobals.getValue("contentType");
		PrintWriter out = response.getWriter();
		response.setContentType(contentType);
		Connection conn=null;
        Statement stmt=null;
        ResultSet rs=null;
        String sql=null;
		String GroupNo=request.getParameter("groupno");
        String GroupName=request.getParameter("groupname");
        String Memo=request.getParameter("groupdesc");
        PreparedStatement pstmt=null;
        if(request.getParameter("add")!=null)
        {
                String MaxGroupNo="";
                try
                {
                        conn=DBFactory.getConnection();
                        stmt=conn.createStatement();
                        sql=
                            "select * from admingroup where group_name ='"
                            +GroupName+"'";
                        rs=stmt.executeQuery(sql);
                        if(rs.next())
                        {
                                out.print(
                                    "<script>alert(\"已经存在相同的管理员组\");history.back();</script>");
                                
                        }
                        else
                        {
                                sql=
                                    "insert into admingroup(group_no,group_name,group_desc)values(?,?,?)";
                                pstmt=conn.prepareStatement(sql);
                                sql=
                                    "select max(groupid) as max from admingroup";
                                rs=stmt.executeQuery(sql);
                                if(rs.next())
                                {
                                        MaxGroupNo=Integer.toString(
                                            rs.getInt("max")+1);
                                }
                                pstmt.setString(1,MaxGroupNo);
                                pstmt.setString(2,GroupName);
                                pstmt.setString(3,Memo);
                                pstmt.executeUpdate();
                                out.print("<script>alert(\"添加管理员组成功\");window.location=\"admin/manager/grouplist.jsp\";</script>");
                                out.close();
                        }
                }
                catch(Exception e)
                {
                        out.print(e.getMessage());
                }
                finally
                {
                        try
                        {
                                rs.close();
                                pstmt.close();
                                conn.close();
                        }
                        catch(Exception e)
                        {
                        }
                }
                try
                {
                        conn=DBFactory.getConnection();
                        String PermissionNos[]=request.
                            getParameterValues("checked");
                        sql=
                            "insert into grouppermissionlink(permission_no,group_no)values(?,?)";
                        for(int i=0;i<PermissionNos.length;i++)
                        {
                                pstmt=conn.prepareStatement(sql);
                                pstmt.setString(1,PermissionNos[i]);
                                pstmt.setString(2,MaxGroupNo);
                                pstmt.executeUpdate();
                        }

                }
                catch(Exception e)
                {
                        out.print(e.toString());
                }
                finally
                {
                        try
                        {
                                pstmt.close();
                                conn.close();
                        }
                        catch(Exception e)
                        {
                        }
                }
        }
        if(request.getParameter("edit")!=null)
        {
                try
                {
                        conn=DBFactory.getConnection();
                        stmt=conn.createStatement();
                        sql=
                            "select * from admingroup where group_name ='"
                            +GroupName+"' and group_no !='"+GroupNo+"'";
                        rs=stmt.executeQuery(sql);
                        if(rs.next())
                        {
                                out.print(
                                    "<script>alert(\"\");history.back();</script>");
                        }
                        else
                        {
                                sql=
                                    "update admingroup set group_name=?,group_desc=? where group_no=?";
                                pstmt=conn.prepareStatement(sql);
                                pstmt.setString(1,GroupName);
                                pstmt.setString(2,Memo);
                                pstmt.setString(3,GroupNo);
                                pstmt.executeUpdate();
                        }
                }
                catch(Exception se)
                {
                        out.print(se.getMessage());
                }
                finally
                {
                        try
                        {
                                rs.close();
                                pstmt.close();
                                conn.close();
                        }
                        catch(Exception e)
                        {
                        }
                }
                try
                {
                        conn=DBFactory.getConnection();
                        pstmt=conn.prepareStatement(
                            "delete from grouppermissionlink where group_no=?");
                        pstmt.setString(1,GroupNo);
                        pstmt.executeUpdate();
                }
                catch(Exception e)
                {
                        out.print(e.toString());
                }
                try
                {
                        conn=DBFactory.getConnection();
                        String PermissionNos[]=request.
                            getParameterValues("checked");
                        sql=
                            "insert into grouppermissionlink(permission_no,group_no)values(?,?)";
                        for(int i=0;i<PermissionNos.length;i++)
                        {
                                pstmt=conn.prepareStatement(sql);
                                pstmt.setString(1,PermissionNos[i]);
                                pstmt.setString(2,GroupNo);
                                           pstmt.executeUpdate();
                        }

                        out.print("<script>alert(\"编辑管理员组成功\");window.location=\"admin/manager/grouplist.jsp\";</script>");
                        out.close();
                }
                catch(Exception e)
                {
                        out.print(e.toString());
                }
                finally
                {
                        try
                        {
                                pstmt.close();
                                conn.close();
                        }
                        catch(Exception e)
                        {
                        }
                }
        }
        if(request.getParameter("deleted")!=null)
        {
                String GroupNos[]=request.getParameterValues("deleted");
                sql="delete from admingroup where group_no=?";
                try
                {
                        conn=DBFactory.getConnection();
                        for(int i=0;i<GroupNos.length;i++)
                        {
                                pstmt=conn.prepareStatement(sql);
                                pstmt.setString(1,GroupNos[i]);
                                pstmt.executeUpdate();
                        }

                        out.print("<script>alert(\"删除选定的管理员组成功\");window.location=\"admin/manager/grouplist.jsp\";</script>");
                        out.close();
                }
                catch(Exception e)
                {
                        out.print(e.getMessage());
                }
                finally
                {
                        try
                        {
                                pstmt.close();
                                conn.close();
                        }
                        catch(Exception e)
                        {
                        }
                }
        }
	}

}
